SCTP support in AKO for L4 services

This feature supports the SCTP protocol in AKO for L4 services, Kubernetes/OpenShift Load Balancer services, and Gateway objects and their corresponding backend services. Prior to version 1.10.1, only TCP and UDP protocols were supported.
For more information on Gateway class and Gateway objects with AKO, see Gateway and Gateway Class.
Starting with version 22.1.3, the NSX Advanced Load Balancer Controller supports SCTP traffic for L4 virtual services. The Controller has introduced SCTP-specific properties for virtual services and pools. These include System-SCTP-Proxy TCP/UDP (network) profile for supporting SCTP traffic in virtual services, an SCTP-based System-SCTP health monitor for pools, and an SCTP protocol match option in L4 Policy Set match rules.
The user must create a Load Balancer service or a Gateway-based L4 service with SCTP protocol in the port definition. The AKO running in the Kubernetes/OpenShift cluster will consume the service and gateway definitions. AKO will create the corresponding virtual service in NSX Advanced Load Balancer Controller with the appropriate System-SCTP-Proxy TCP/UDP (network) profile and the corresponding pools with the appropriate System-SCTP health monitor. The L4PolicySet is also created with appropriate match rules for the SCTP protocol.
SCTP protocol support is not available for service type NodePortLocal, because Antrea CNI does not support SCTP Service ports for NodePortLocal type services.

Configuration

The configuration mainly includes creating Load Balancer services and Gateway objects and their corresponding backend services with SCTP protocol in port definitions.
The following is a sample configuration of Load Balancer service YAML definitions:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: sctp-demo
      labels:
        app: server
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: server
      template:
        metadata:
          labels:
            app: server
        spec:
          containers:
          - name: sctp-demo
            image: <sctp enabled container image>
            ports:
            - containerPort: 9090
              protocol: SCTP
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: server
      namespace: default
    spec:
      ports:
      - port: 80
        protocol: SCTP
        targetPort: 9090
      selector:
        app: server
      type: LoadBalancer

The following is a sample configuration of Gateway objects YAML definitions:

    apiVersion: networking.x-k8s.io/v1alpha1
    kind: GatewayClass
    metadata:
      name: avi-lb
    spec:
      controller: ako.vmware.com/avi-lb
      parametersRef:
        group: ako.vmware.com
        kind: AviInfraSetting
        name: my-infrasetting
    ---
    apiVersion: ako.vmware.com/v1alpha1
    kind: AviInfraSetting
    metadata:
      name: my-infrasetting
    ---
    apiVersion: networking.x-k8s.io/v1alpha1
    kind: Gateway
    metadata:
      name: my-gateway
      namespace: svcapi
    spec:
      gatewayClassName: avi-lb
      listeners:
      - port: 6060
        protocol: SCTP
        routes:
          group: v1
          kind: services
          selector:
            matchLabels:
              ako.vmware.com/gateway-name: my-gateway
              ako.vmware.com/gateway-namespace: svcapi
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        ako.vmware.com/gateway-name: my-gateway
        ako.vmware.com/gateway-namespace: svcapi
      name: avisvc-svcapi
      namespace: svcapi
    spec:
      ports:
      - name: sixtysixty
        port: 6060
        protocol: SCTP
        targetPort: 9090
      selector:
        app: avi-server
      type: ClusterIP
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: avi-server
      namespace: svcapi
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: avi-server
      template:
        metadata:
          labels:
            app: avi-server
        spec:
          containers:
          - image: <sctp enabled container image>
            imagePullPolicy: IfNotPresent
            name: avi-server
            ports:
            - containerPort: 9090
              protocol: SCTP

The above example of Gateway defines a service of type ClusterIP as the backend service. However, you can also use a service of the type NodePort.
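
The following Python check is an added example, not part of the original page and not AKO code. It lists every SCTP port that a LoadBalancer service or Gateway listener would publish through AKO, and flags SCTP listeners that have no labelled backend service. The function names, the orphan-gateway object and the rule that a backend's SCTP port must equal the listener port are assumptions drawn from the samples above; the input is a list of Service and Gateway objects as exported in JSON form (for example with kubectl get -o json).

```python
# Added example, not AKO code: audit exported objects for SCTP exposure.
GW_NAME = "ako.vmware.com/gateway-name"
GW_NS = "ako.vmware.com/gateway-namespace"

def sctp_ports(obj):
    """Port numbers an object's spec declares with protocol SCTP."""
    entries = obj["spec"].get("ports") or obj["spec"].get("listeners") or []
    return [e["port"] for e in entries if e.get("protocol") == "SCTP"]

def audit_sctp(items):
    """Return (exposed, findings) for a list of Service and Gateway objects."""
    services = [o for o in items if o["kind"] == "Service"]
    exposed, findings = [], []
    for svc in services:
        if svc["spec"].get("type") == "LoadBalancer":
            ns = svc["metadata"].get("namespace", "default")
            exposed += [("Service", ns, svc["metadata"]["name"], p) for p in sctp_ports(svc)]
    for gw in (o for o in items if o["kind"] == "Gateway"):
        ns, name = gw["metadata"]["namespace"], gw["metadata"]["name"]
        # Assumption: a backend carries both gateway labels and an SCTP port
        # equal to the listener port, as in the page's sample.
        backend_ports = {p for s in services
                         if s["metadata"].get("labels", {}).get(GW_NAME) == name
                         and s["metadata"].get("labels", {}).get(GW_NS) == ns
                         for p in sctp_ports(s)}
        for port in sctp_ports(gw):
            exposed.append(("Gateway", ns, name, port))
            if port not in backend_ports:
                findings.append(f"Gateway {ns}/{name}: no SCTP backend for port {port}")
    return exposed, findings

# Constructed sample: the page's objects plus one Gateway with no backend.
SAMPLE = [
    {"kind": "Service", "metadata": {"name": "server", "namespace": "default"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 80, "protocol": "SCTP", "targetPort": 9090}]}},
    {"kind": "Gateway", "metadata": {"name": "my-gateway", "namespace": "svcapi"},
     "spec": {"listeners": [{"port": 6060, "protocol": "SCTP"}]}},
    {"kind": "Service", "metadata": {"name": "avisvc-svcapi", "namespace": "svcapi",
                                     "labels": {GW_NAME: "my-gateway", GW_NS: "svcapi"}},
     "spec": {"type": "ClusterIP", "ports": [{"port": 6060, "protocol": "SCTP", "targetPort": 9090}]}},
    {"kind": "Gateway", "metadata": {"name": "orphan-gateway", "namespace": "svcapi"},
     "spec": {"listeners": [{"port": 7070, "protocol": "SCTP"}]}},
]

if __name__ == "__main__":
    exposed, findings = audit_sctp(SAMPLE)
    for row in exposed:
        print("SCTP exposed:", *row)
    for finding in findings:
        print("FINDING:", finding)
```

Ports without an explicit protocol field are treated as non-SCTP, which matches the Kubernetes default of TCP.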